Blog

Archive for October, 2014

This week in review: this machine eats privacy, malware, ApplePay retailers pay the piper, and more


By Don Dobson

In our weekly roundup, we draw your attention to selected news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data, including problems that Dodoname can help solve. Catching our attention this week were posts about technology advances that further erode your privacy, new payment system hacking, the continuing cyber-security battle for retailers and as always, lots of phishing and other email scams. For all our privacy, security and personal data related posts follow @MyDodoname on Twitter.

The privacy killing machine

We had previously seen Facebook’s move into direct competition with Google with its advertising exchange, Atlas. The platform leverages your unique Facebook identifier to track you across the web and multiple devices. ISP Verizon is also using what it calls a “Unique Identifier Header.” Some critics are saying “…it’s also a reckless misuse of Verizon’s power as an internet service provider—something that could be used as a trump card to obviate established privacy tools such as private browsing sessions or “do not track” features.”

The ol’ Backoff sneak attack

We’ve previously noted many retail data breaches that compromise consumer data including personal and financial information. Retailers can be infected with at least one piece of malware and be unaware for long periods of time. Unfortunately, it appears to be getting worse as we discover in a report that says the ‘Backoff’ malware used in retail data breaches is spreading. Apparently some recent breaches, like that at Home Depot, are resulting in credit card charges coming out of Brazil.

Hackers give CurrentC no quarter

Apple’s new payment system, ApplePay, was announced with much fanfare a couple of weeks ago. However, some retailers abruptly stopped using the system this past week. Apparently they forgot agreements they had in place to support an alternate system that precluded them from using ApplePay. The payment system, called CurrentC, includes partners CVS and Rite Aid among others. It vacuums up (and promises to share) lots of personal data and has been signing up customers. However, it hasn’t actually been released for use yet, and already it has been hacked, with criminals managing to grab the email addresses of anyone who signed up for the program.

Phishing for Apple

The Apple ecosystem has traditionally been noted as being less subject to security concerns than its competition but that has been changing. News was revealed this week via the CYREN Internet Threats Trend Report that phishing scams targeting Apple rose 246%.

Other phishing activity noted this week involves Pizza Hut, a Michigan hospital, rocker Bret Michaels, doctors, architects, engineers and other white-collar professionals, and even Revenue Canada.

Malware hackers do seem to be more prevalent than ever, so it comes as no real surprise to see a new Microsoft survey where 42% report weekly and even daily attempts to gain access to their PC, or a @FindLawConsumer survey that shows 29% of U.S. adults say they’ve had their identity stolen and that 10% report being hit twice. Whether it’s a legitimate-looking invoice email hiding a data-stealing Trojan malware attack, banking malware that specifically targets sensitive user account credentials, or horse owners, unfortunately Pew Research sees a likelihood of major attacks in coming years.

Posted in: Blog, Data breach, Phishing, Privacy, This week in review


Top five online privacy concerns


By Don Dobson

In epidemiology, the means for the transmission of disease is termed a “vector.” In the world of online privacy, your personal email address is one of the prime vectors by which your privacy can be compromised. If you’re not using a Dodoname to interact with merchants, you’re leaving yourself open to these top five privacy concerns (which can have some very scary repercussions!)

1. Phishing

Wikipedia defines phishing as the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Although not the only means, email is one of the main vectors for phishing. At Dodoname, we like to keep up to date on the latest developments in cybercrime through email phishing scams. We see that the scammers are relentless and that anyone can be a victim: criminals shamelessly exploit the latest news, such as recent attempts linked to the Ebola scare gripping the world, or even attack children. It is also a big problem for businesses, as employees can be fooled and surrender corporate information or provide a pathway for hacking of retailer systems.

Phishing still thrives because it remains a simple game and the power of easily sending millions of emails every day allows the bad guys to fill their quotas. Old scams are still making the rounds and claiming victims. And the fact is, email remains a very popular communication channel. Unfortunately, it’s true that real dangers can place themselves in your inbox. Here’s a start on some help to stay out of trouble and also some advice if you have taken the bait.

2. Data breaches

Retailers in particular have shown themselves to be vulnerable to hacker attacks which result in a “breach” of security measures protecting customer data, as have financial institutions.

You may think “that’s their problem” but it could also be a problem for you. Depending on the nature of the data breach, personal information you have shared with companies, including credit card information, may become available for use by criminals and/or be re-sold in criminal markets. Ironically, this can result in even more effective phishing emails as criminals use information already stolen to become more credible to email recipients in what is known as “spear-phishing.”

There is nothing you can do to prevent these breaches, but they are the top of the list of concerns for company executives. Customers are striking back. Many consumers will stop patronizing companies who have had a data breach while some victims of these attacks have joined lawsuits against retailers like Home Depot.

3. Malware

Email phishing can have many consequences. One of those is the installation of malware on your device. There are many varieties of malware “in-the-wild,” some malicious, some not so much, but none have any business on your device. Among the types of malware that can impact you are “key-loggers,” which send back everything you type online to criminals. This information would include details of all your online activity including banking website passwords.

And the thing is, you don’t always even need to click on anything. Just visiting some sites exposes you to these sneaky downloads through “malvertising.” You might think that staying away from seedy corners of the Internet would protect you, but the truth is even reputable sites can be hacked in these ways through ad exchanges.

4. Identity theft

Identity thieves have many different ways to strike: over the phone or through something as low-tech as criminals sifting through your trash, or through email phishing attacks. Online theft of personal identity has become a major problem worldwide. Criminals can use your identity and credit card information to make purchases, take out loans or conduct any illicit financial transaction.

Identity thieves can be individuals at the local level or international organized criminal operations. Even using free wi-fi at a coffee shop can open you up to identity theft. It’s clear that these types of cybercrime enterprises are a growth business.

5. Data brokers

A much broader concern for personal privacy than the vector of phishing emails and malware criminals is an industry that operates “legitimately” but without much regulatory protection for consumers. Testimony by Pam Dixon, Executive Director, World Privacy Forum appearing before the Senate Committee on Commerce, Science, and Transportation, suggests that somewhere around 4,000 companies in the U.S. gather identity information left by the “digital exhaust” of your online activity. Dixon cites real harm to individuals resulting from these activities and notes “Despite the large and growing size of the industry, until this Committee started its work, this entire industry largely escaped public scrutiny. Privacy laws apply to credit bureaus and health care providers, but data broker activity generally falls outside these laws. Even a knowledgeable consumer lacks the tools to exercise any control over his or her data held by a data broker.” 

(Image: Flickr, Sebastien Wiertz)

Posted in: Blog, Data breach, Email, Fraud, Identity, Phishing, Privacy


This week in review: scary tales of data brokers, info snatchers, phishing scams and more


By Don Dobson

In our weekly roundup, we want to draw your attention to news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data: problems that Dodoname can solve. Catching our attention this week were posts about the fight for your data, those pesky data brokers, spooky tales of data snatchers, privacy terror and phishing season.

The fight for data: yours

While conversation around the issue of privacy continues to get louder, use of the word “fight” is really a misnomer, as in many respects the fight appears to be lost. This was underlined in a book review we discovered this week of What Stays in Vegas by Adam Tanner, a Harvard University scholar and business writer. The book provides an inside look on how personal data from credit ratings, voter lists, marriage licenses, police records and online behaviours are combined and sold on the open market.

Going for (data) broke(rs)

Frank Pasquale, a professor of law at the University of Maryland, is the author of the forthcoming book “The Black Box Society: The Secret Algorithms That Control Money and Information.” He writes, Every day, corporations are connecting the dots about our personal behavior—silently scrutinizing clues left behind by our work habits and Internet use. The data compiled and portraits created are incredibly detailed, to the point of being invasive. His October 16 op-ed in the New York Times, The Dark Market for Personal Data, notes there are at least 4,000 U.S. “data brokers” selling your information without proper regulation and without the control that consumers deserve.

Tales of (privacy) terror

The alarm is being raised by many, including the American Civil Liberties Union. Although the group was founded in 1920, their concerns remain highly contemporary. Just in time for Halloween, they have released a new video Invasion of the Data Snatchers. The intro to the video on its YouTube channel notes, New technologies are making it easier for private companies and the government to learn about everything we do – in our homes, in our cars, in stores, and within our communities. As they collect vast amounts of data about us, things are getting truly spooky!

Giving up your data for the greater good?

Like any big issue, it isn’t always as simple as it might first appear. Dr. Jean Marmoreo, a physician in Toronto, writing in the Globe and Mail Debate section, notes that the collection of personal data can provide big community benefits while acknowledging the privacy concerns. Inspired by a recent Toronto lecture by Sandy Pentland from the MIT Media Lab, Dr. Marmoreo endorses Pentland’s call for a universal bill of rights for collecting and using Internet data.

Phishing Season: Always Open

Seems there is news every day about phishing scams and this week was no exception. Whether on a local scale, like a restaurant reservation scam in Chicago, the local credit union, much wider schemes like Dropbox users worldwide being targeted, spoofing PayPal or “spear phishing” targeting students, the assaults never stop. Kaspersky Lab published its Spam in September report this week noting that financial phishing accounted for 36.97 percent of all (its) detections.

There are many ways for phishing to compromise your security including malware that can install itself on your computer without you knowing. Your own protection efforts might benefit by taking a look at the most common malware emails currently hitting inboxes. You can find out if your email has been leaked during a reported data breach using a utility provided by the makers of password manager RoboForm. And if you have taken the bait, Andy Davidson writing on the Rogers Connected site answers the burning question, I Fell for a Phishing Scheme… Now What?

Posted in: Blog, Fraud, Phishing, Privacy, This week in review


Click here to unsubscribe: The Hotel California of email


By Francis Moran

The Eagles wrote their enduring rock hit “Hotel California” in the mid-1970s, well before email had even begun to be adopted, so it’s improbable they could have predicted how the closing lyrics of that song would come to describe the horror we have all experienced in trying to unsubscribe from an email list.

We all know the scenario. Either with or without our permission, our email address has found its way onto the marketing list — They call it “marketing.” You call it “spam.” —  of some company or organization. And even though they provide a link at the bottom and invite you to “click here to unsubscribe,” nothing you do gets you off that list. Just like the night man says in that great Eagles song, “You can check out any time you want, but you can never leave.”

It is, perhaps, one of the most frustrating things about email.

Dodoname kills that beast.

When you give a merchant a new Dodoname for whatever purpose, our technology creates a one-to-one link between that unique Dodoname and that merchant. Our servers will not let anything except messages from that merchant get through to that Dodoname. And when you turn off that Dodoname or make it go extinct, we stop letting anything through.

So go ahead — smell the colitas, hear the mission bell, light up a candle, dance in the courtyard and gather for the feast. And when you’ve had enough and go running for the door, rely on Dodoname to check you out for good.

(Image: The Hotel California in Todos Santos, Baja California Sud, Mexico, may or may not have been the inspiration for the Eagles’ classic rock hit. It is, however, a lovely place to stay in my favourite Mexican surf town.)

Posted in: Blog, Email, Unsubscribe


Dodoname Fast Facts


Company name: Dodoname

Website: www.dodoname.com

Facebook: www.facebook.com/pages/Dodoname/696004550490500

Twitter: www.twitter.com/mydodoname

Instagram: www.instagram.com/dodoname

Pinterest: www.pinterest.com/dodoname/

Founded: 2014

Company overview: Because of Dodoname, consumers will never again have to give their real email address to anyone.

Consumers sign up for a Dodoname, which they can use much like an email address when interacting with an online merchant, signing up for a news feed, accessing wifi in a coffee shop or hotel, scheduling a webinar, using a dating site, downloading a white paper, registering a product warranty, receiving a receipt by email, accessing an offer either online or in store, or countless other scenarios where they might be reluctant to provide their real email address.

Consumers can spawn new Dodonames on the fly, both at their desktop and on their mobile devices, to sign up for new offers, promotions or any other type of interaction.

Any Dodoname can be programmed to go extinct after a single use, after a specific period, or on command at any time. In this way, consumers retain complete control over how, when, where – or even if – merchants can communicate with them, and can drop merchants at any time with an absolute guarantee they will never hear from them again.

Technology: Dodoname consists of iOS and website apps that consumers can use to create Dodonames that enable interactions online without divulging personal data. Users can create Dodonames that can be used once or over a period of time. The privacy control is in the hands of the user and there is no exposure to potential spam or privacy breaches.

Market statistics and trends:

In September 2014, Verizon agreed to pay a $7.4M settlement with the Federal Communications Commission for improper use of personal consumer information for marketing purposes. This is the largest settlement of its kind to date.

According to a CNNMoney/Ponemon Institute study, 47 percent of U.S. adults had their personal information exposed by hackers between May 2013 and May 2014.

The Bureau of Justice Statistics reports “Identity-theft victims reported a total of $24.7 billion in direct and indirect losses attributed to all incidents of identity theft experienced in 2012. These losses exceeded the $14 billion victims lost from all other property crimes (burglary, motor vehicle theft, and theft) measured by the National Crime Victimization Survey in 2012.”

According to Securelist, “the percentage of spam in total email traffic during the first quarter [of 2014] came to 66.34%.”

On July 1, 2014, Canada enacted Canadian Anti-Spam Legislation to protect consumers from unwanted commercial electronic messages. Consent is now required for any organization to send such messages to any Canadian address and stiff penalties will be enforced on any sender that isn’t compliant with the law.

The September 2014 CivicScience report Consumer Sentiment Toward Data Privacy stated “Nearly half (49 percent) of U.S. adults say they are ‘very concerned’ about their privacy when using the Internet… Among U.S. adults, being ‘very concerned’ increases to 56 percent when asked about people you don’t know obtaining personal information about you from Internet activity.”

On September 17, 2014, Apple CEO Tim Cook, in an open letter, explained that “Apple takes a very different view” of privacy than its Silicon Valley brethren, which often make a business out of collecting and leveraging consumer information from email content and Web browsing habits – without the explicit approval of consumers.

August 2014: a “big data” lobbyist posits that it’s unlikely that U.S. Congress will pass legislation about how online marketers can use consumers’ personal data.

Posted in: Uncategorized


Backgrounder


Backgrounder: Get the best from the web without ever revealing who you are.

Dodoname (www.dodoname.com) is the world’s first privacy-marketing platform that reconciles the seemingly opposing forces of Internet personalization and protection of personal data. Dodoname’s goal is to make online interactions authentic, transparent, controlled – and private.

Users can create a unique Dodoname, which they can use much like an email address to interact online. The difference is that no personal information is collected about the user and there are no linkages between their Dodoname and their actual contact information. Gone are the risks of spam, data breaches and privacy hacks.

Users can spawn new Dodonames on the fly, both on the desktop and through our mobile app, to sign up for new deals, register a warranty, download a white paper, subscribe to a magazine or transact any other type of interaction – all while retaining complete control and privacy. Any Dodoname can be programmed to go extinct after a single use, after a specific period, or on command at any time.

Many people have come up with clumsy workarounds to the problem of having to give away more personal information than they’d like when interacting online. These workarounds include creating multiple burner email addresses for which login details and passwords need to be remembered, or providing dummy information that is of no use to the recipient.

The company is launching the iOS app and web application in October 2014. A follow-up release with additional functionality is planned for November 2014.

For more information about Dodoname, visit www.dodoname.com.

 

Like Dodoname on Facebook: https://www.facebook.com/pages/Dodoname/696004550490500

Follow Dodoname on Twitter: https://twitter.com/mydodoname

Follow Dodoname on Instagram: http://instagram.com/dodoname

Follow Dodoname on Pinterest: http://www.pinterest.com/dodoname/

-30-

For more information or to arrange for interviews, please contact:

Leo Valiquette

Phone: +1 613 769 9479

Email: leo@leovaliquette.com

Twitter: @leovaliquette

Posted in: Uncategorized


This week in review: malspace, old phishing tricks, ransomware, identity theft and more


By Don Dobson

In our weekly roundup, we want to draw your attention to news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data: problems that Dodoname can solve. Catching our attention this week were posts about malspace, the oldest phishing tricks in the book, hack attacks, the weakest link and identity crises.

Word of the week: malspace

A new-to-us word this week, “malspace” was introduced by Steve Durbin in Wired, who describes it as an online environment inhabited by hacker groups, criminal organizations and espionage units. Cybercriminals working from malspace are a growth industry where the returns are great and the risks are low, costing the global economy more than $400 billion, according to McAfee. They will grab any target of opportunity, as illustrated in a growing number of attacks on children under 18, which can cause a lifetime of credit problems for the child, as it may not be discovered for years.

Oldies but baddies

Some of the oldest and simplest email phishing scams are still circulating and creating new waves of victims, even though it would be fair to assume that users would be wise to these scams. A blog post from ScamOfTheDay.com claimed that around 156 million spam emails make it through spam filters globally every day and phoney links are clicked by around 5% who get them. Around 10% of that group are tricked into surrendering info. But consider their report on a “mock scam” security exercise by Canada’s Department of Justice where half of the 5,000 email recipients were lawyers. That test resulted in 1,850 or around 37% clicking a bad link. It’s not easy to tell what is legit and what’s a scam, even when the law is your livelihood.

We are not alone

We learned of a brave volunteer, Sophie Curtis, who set out to answer just how vulnerable we are. Her article in the Guardian reveals the anatomy of a hacker attack. Curtis summarizes: It’s a salutary tale, mitigated only slightly by the fact that it’s apparently something that could happen to all of us, with precious little that can really be done to prevent it.

Scams range from simple to handsome 

Threats can come from many sources including the advertising we view online, but simple email phishing cybercriminals can certainly wreak some serious havoc. It could be as simple as preying on hopeful job seekers through a “mystery shopper” scam. Or it could be a more elaborate scam, such as detailed in this update on “ransomware” from Bernie Lambrecht via the Solutionary blog, who notes: Ransomware is like Clark Griswold’s crazy Cousin Eddie in the movie National Lampoon Vacation. It just won’t go away, no matter how hard you try to get rid of it.

It’s not you (the credit card companies); it’s me (the retailer) 

Many U.S. consumers might be surprised to hear the U.S. credit card system described as a global “weak link”. Home Depot is feeling the pain as its recent retail security breach has already produced at least 21 class action suits. Unfortunately, retailers can also shoot themselves in the foot: take well-known chain Aaron’s Rent-To-Own, which reached a settlement with the State of California this week. Attorney General Kamala Harris said “Aaron’s concealed its illegal privacy and business practices from customers in a deceptive attempt to avoid California’s robust consumer protection laws and increase its profits.” It’s harder all the time to know who to trust with your personal information when stories continue to emerge like LinkedIn being sued for alleged illegal marketing of member data to employers for their own secret snooping.

Can I see some ID?

Millions are victims of identity theft every year. In a case that is a combination of striking back and turning lemons into lemonade, artist Jessamyn Lovell mounted a solo exhibition this past week, based on ID theft, which she titled, “Dear Erin Hart”, after the perpetrator. “I base all of my work on a fact that I experienced,” says Lovell.

Posted in: Blog, Phishing


Still using burner email accounts? It really is throwback Thursday


Way back in the halcyon days of the mid ’90s, the Internet-using public was introduced to webmail. Lycos, mail.com, Hotmail and other web-based email services started to gain popularity. Pretty soon, most everyone was using a Rocketmail or a Yahoo account alongside the address provided by their Internet service provider. One for so-called “real” email, one for those times that you need to provide an email address but you just know that by doing so, you’ll unleash a torrent of spam.

In researching this post, I came across articles with titles like “Why you need at least 4 email addresses,” “9 reasons why you should have more than one email address,” and “10 reasons to have more than one email address.” Each of these articles references spam and control of your online persona as reasons for creating and using burner accounts. A comment on one of the posts says it all, “I have three, but I’m really getting sick of managing and remembering passwords.” You said it, commenter.

Using the “spam” burner account to enter a contest? Congratulations: you’ve avoided all the spam! And maybe you won the contest, but you’ll never know because you can’t be bothered to filter through all the spam in that account to see if you won! Sorta defeats the purpose, no?

Using your standard password with that webmail account? Bad news: when the inevitable hack or data breach happens, now your password is out there, in the hands of nefarious cybercriminals. Some of these hackers are creating algorithms, cross-referencing multiple data breaches and hacks to get all of the personal data that they can about the victims of the breach. Your identity is just a handful of clicks away. And once it’s been compromised, lots of bad things can happen that impact your privacy.

With Dodoname, there’s no need to remember and manage all those email accounts and passwords. Interactions with merchants appear in your Dodoname inbox. Want to unsubscribe? You can do so easily and once you’re unsubscribed with Dodoname, you’re really unsubscribed. The spammer can never contact you again.

You need to have 4 email addresses? No. You need Dodoname.

(Image: Flickr, Gideon Tsang)

Posted in: #TBT, Blog, Email, Persona, Privacy, Spam


This week in review: data breaches, oversharing online, phishing, DRM run amok


By Don Dobson

In our weekly roundup, we want to draw your attention to news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data: problems that Dodoname can solve. Catching our attention this week were posts about data breaches, the competing forces of privacy and oversharing on social media, phishing trips, and 1984 in 2014.

Come for the frozen treats and bargain basement prices, stay for the data breach! 

The ongoing parade of data breaches continued this week with these crimes potentially impacting customers of retailers like Dairy Queen and Kmart. These types of attacks are up 30% over 2013 with reports that 43% of companies globally have been affected. Retailers are one thing but security experts are increasingly concerned when they see what should be bastions of security like banks being affected, such as was the case with JP Morgan.

How are people reconciling privacy with sharing online? Poorly.

Stories like the Edward Snowden revelations, spam scams or retailer data breaches are certainly bubbling to the top in media coverage. The fact is, issues surrounding privacy in a world where much of life is lived online are complex and there are many implications on a personal level. Are individuals really processing it all and behaving differently? We all do have some personal responsibility of course, and Kate Murphy writing in the New York Times says privacy researchers are seeing signs of a backlash, like setting up fake identities, but still it seems: We Want Privacy, but Can’t Stop Sharing

Phishing catches are bountiful

We learned this week that even LinkedIn has become a forum for phishing-type attacks and that phishing attacks from websites using one of the world’s most widely used content management platforms, WordPress, are increasing rapidly.

Surprise: you’ve joined an Orwellian book club! 

Adobe was in the privacy spotlight this week as well, with their attempt at so-called Digital Rights Management (DRM). Independent reports claim that Adobe’s e-book software, “Digital Editions,” logs every document readers add to their local “library,” tracks what happens with those files, and then sends those logs back to the mother-ship, over the Internet, in the clear. In other words, Adobe is not only tracking your reading habits, it’s making it really, really easy for others to do so as well. Librarian Barbara Fister challenged her profession to be more privacy aware in regard to Adobe, noting: Chances are, you’ve heard the troubling news that the new version of Adobe Digital Editions is a privacy train wreck.

Posted in: Blog, Data breach, Phishing, Privacy, This week in review
